ASA Ipsec VPN site to site

I have a new ASA i'm putting in a new Colo site, I'm wanting to get as much configuration done as possible before i head there, can i setup that side of the IPSEC tunnel ahead of time and when i rack it and connect  it will connect automatically. Or does it have to be done live?
LVL 1
leadthewayAsked:
Who is Participating?
 
Pete LongTechnical ConsultantCommented:
>>I'd have to use the NAT ip address of the site that needs to remotely access correct?

Yes!  allow access from your public IP :)

>>so i just need to create network objects for each subnet?

Yes! dont forget to add a nat examption for them as well!

Pete
0
 
Pete LongTechnical ConsultantCommented:
Yes of course, amd make sure you can manage the device from your main site in case there's a problem.

Cisco ASA 5500 Site to Site VPN (From CLI)

Cisco ASA – Allow Remote Management

Pete
0
 
leadthewayAuthor Commented:
allowing access to one address externally, I'd have to use the NAT ip address of the site that needs to remotely access correct?

So from my office to access the new ASA

ssh 12.8.x.x 255.255.255.255 outside
0
 
leadthewayAuthor Commented:
also what if i have multiple subnets on each side that the other needs access to?

PetesASA(config)#object network Site-A-SN
PetesASA(config-network-object)#subnet 10.254.254.0 255.255.255.0
PetesASA(config)#object network Site-B-SN
PetesASA(config-network-object)#subnet 172.16.254.0 255.255.255.0
PetesASA(config)#access-list VPN-INTERESTING-TRAFFIC line 1 extended permit
ip object Site-A-SN object Site-B-SN
PetesASA(config)#nat (inside,outside) source static Site-A-SN Site-A-SN
destination static Site-B-SN Site-B-SN no-proxy-arp route-lookup
Firewall Running an OS Earlier than 8.3(x)

so i just need to create network objects for each subnet?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.